Monday, November 30, 2009

Gifts and Giving

Now that Black Friday and Cyber Sunday are behind us, it's time to reflect on gift giving. There are been several great articles which provide guiding principles.

George F. Will wrote an excellent column about how not to give gifts. When recipients say "You shouldn't have", they're right!

Joel Waldfogel, the author of ”Scroogenomics: Why You Shouldn’t Buy Presents for the Holidays,” provides a detailed economic analysis of the economic consequences of random gift giving, concluding the best bet is to focus on children and give adults gift cards or named charitable contributions in their honor.

Here's the approach I've used with my close family members.

My daughter has not asked for any specific gifts (she's not a shopper or someone who seeks the season's "must have" items). She has asked that any gifts focus on her three loves - the outdoors, Japan, and archery. We hike, bike, and cross country ski together. This year, I'm helping her choose a few Arcteryx pieces - base layers and shell layers to keep her safe during all the outdoor activities she does with and without me. She's been an archer for several years and this is the year she'll get her own bow - her preference is for something simple in wood, not high-tech carbon or fiberglass.

My wife is starting a gallery in Boston's South End and is reorganizing her studio. My gift to her is all the time, heavy lifting, and construction work she needs to be successful. In addition to being a CIO, I do plumbing, electrical, carpentry, and painting.

My parents are transitioning from cell phones to PDAs, so I'll help them choose and integrate those devices into their lives. I'll also upgrade their computers to Snow Leopard.

The common theme among all these gifts, is the Gift of Time. More than things, I'm giving my experience, my effort, and my expertise in things outdoors, home improvement, and technological.

Hopefully, my family will not conclude that "I shouldn't have"!

Friday, November 27, 2009

A Vegan Thanksgiving 2009

Last year I wrote about my vegan Thanksgiving and the reason I became vegan in the first place.

Here's the 2009 menu - healthy, light, and traditional. Since there is no grease, cleanup is easy. Since there is no tryptophan (no turkey), you do not fall into a stupor afterwards.

Tofurky - a tofu and grain-based roast available from Turtle Island Foods . I do not typically eat meat substitutes since I enjoy the inherent food qualities of tofu, tempeh and seitan, but a Tofurky is great for family holiday entertaining.

Harvest vegetable medley - carrots, parsnips, onions and fresh herbs from our garden roasted at 425F

Steamed Brussels sprouts from our local Community Supported Agriculture (CSA) farm

Boiled fresh rutabegas from our garden

Mashed Kennebec potatoes (no butter or cream added, just a bit of soy milk) from our CSA

Mashed buttnernut squash from our CSA

Roasted Sweet Potatoes from our CSA

Pecan stuffing

Homemade cranberry sauce

Homemade sweet pickles

Wine: Louis Roederer Cristal 1999 (a gift)

Dessert: Vegan pumpkin pie, Sencha from Uji

I really look forward to those fresh Tofurky sandwiches after Thanksgiving!

Thursday, November 26, 2009

A Plea for Civility

It's Thanksgiving Day and we should all take time for our families, our mental health, and a pause from the pressures of the modern world. As I've told my staff, it's been a typical Fall - we go from the doldrums of Summer to a sprint post Labor Day with numerous urgent (and sometimes unplanned) projects.

This takes a personal toll. Tempers can flare, and patience can run thin. Civility disappears.

What do I mean by civility?

Webster's calls it "civilized conduct; especially courtesy, politeness"

How was your drive to work yesterday? Put another way - what is the shortest unit of measurable time? Answer - the time between the light turning green in front of you and the person honking behind you.

Did people stop for pedestrians in crosswalks? Did they let you into merging traffic? Did they stop at yellow lights to keep intersections clear and prevent gridlock?

If you boarded a flight yesterday, did passengers wait until their seats or zones were called before standing in line? Did they check their steamer trunk sized bags so that there was plenty of room in the overhead bins for others with smaller carry ons? Did the person in front of you avoid reclining their seat so that you could have a more enjoyable flight?

I realize that more people are competing for fewer resources and the economy is less than robust. That does not mean we have to turn each day into our own personal Lord of the Flies.

It is my hope that as we enter the holiday season, the pace will slow and we'll be able to do our work in a predictable way, with the scope, resources and timelines we need to get them done.

Today, raise a toast to the good things we have in life - family, wellness, and the boundless opportunity to make the world a better place. Let's use the Thanksgiving weekend to renew our spirits, prepare for the challenges ahead, and regain our civility.

I'm off to roast the squash and carve the Tofu.

Wednesday, November 25, 2009

Status emailicus

My day is spent running meetings - staff meetings, steering committee meetings, and various kinds of national/regional/local governance bodies.

Over the past year I have noticed a trend in all these meetings. The number of emails that people receive each day exceeds their ability to respond to them, so they develop "status emailicus" - a bit like status epilepticus (persistent seizures) but it involves retrieving a blackberry, iPhone, or other mobile device from its holster every 15 seconds throughout the meeting.

The end result is continuous partial attention. You'd like to believe that everyone is participating in the discussion, especially if complex issues are being debated. Ideally, when consensus is achieved, everyone leaves the meeting marching to the same tune. However, by multi-tasking in meetings, we see every other frame of the movie. We miss the subtleties of conversation and critical details that may later turn into deal breakers.

How do we solve this problem?

We could throw away our mobile devices, but that ignores their positive aspects. My travel to Washington is possible because I can use my mobile device for command and control of all the projects I'm running, even while in planes, trains, and automobiles.

One option is to reset expectations. Email is not the same as Instant Messaging. A 5 minute response time throughout the day only works if there are no meetings to attend.

Another option is to realize that we all work 8 hours a day in meetings/calls and 8 hours in email. We could limit meetings to 30 minutes in duration - enough time for efficient discussion, but not too long to result in overwhelming email backlog. Following each 30 minute meeting, we could get a 30 minute recess to act on decisions made and catch up on emails.

As I've mentioned in my Open Access Scheduling for Administrators blog, I'm trying to reserve 50% of my time to address the issues that arise each day. Maybe that will reduce my need to check email during meetings.

The bottom-line is that email overload exists and we can

a. Ignore it and hope it goes away
b. Continue to let email run our lives and distract our every waking moment
c. Take control and organize our email responses by reserving a part of each day, outside of meetings, for timely email responses.

I already sense that people are beginning to rethink the way they manage connectedness. Twitter's popularity is decreasing, Instant Messaging is on the wane, and social networks seem less of an obsession.

I welcome your thoughts - just don't email me :-).

Tuesday, November 24, 2009

A Visicalc moment

If you were an early Apple II or IBM PC user, you may remember the first time you saw Visicalc (1979), SuperCalc (1980), MultiPlan (1982), or Lotus 1-2-3 (1983).

The spreadsheet solves a real problem - it saves time, it empowers its users, and people are more productive using it.. No more paper, pencil and calculators. No more days wasted manually computing "what if" scenarios.

I call this joy from the early days of personal computing a "Visicalc moment".

One challenge we face as we roll out electronic health records to every clinician is that the first time they see an EHR (of any type, from any vendor), they rarely have a "Visicalc moment".

Because we have not marketed the benefits of EHRs to clinicians, they are not sure an EHR saves time, streamlines their workflow, or brings them a better quality of worklife.

There are 3 ways to motivate most clinicians
1. Pay them more
2. Offer them more free time
3. Apply Peer Pressure

How can we leverage these principles clinicians so they will have Visicalc moments?

A few thoughts

1. Electronic medication workflow in an EHR saves time, reduces the number of calls/pages due to unreadable prescription and streamlines the refile process.

2. Templates, Macros and voice recognition can speed up clinical documentation. Of course, they must be used wisely to avoid creating inaccuracies that are persisted forever in the record. Electronic clinical documentation can be electronically exchanged between referring clinicians and specialists, leading to a peer preference for those who document electronically.

3. Patient Education can be automated by linking problem lists and prescriptions to resources such as UptoDate, Healthwise, and

4. Decision Support such as automated ordering ensures the safest, most effective therapies are given based on evidence and patient specific data. It can also be used to generate alerts and reminders in support of pay for performance programs.

5. Administrative simplification streamlines the revenue cycle, reducing denials and AR days.

Thus, EHRs, especially those offered via the web in software as a service models can generate income, save time, and keep peers happy.

Let's hope the regional healthcare IT Extension Centers and hospitals which rollout EHRs for their community physicians can achieve a few "Visicalc moments".

Monday, November 23, 2009

Marketing Interoperability

In the past, it's been challenging to market interoperability because incentives to share data between organizations are often not aligned.

You can imagine the following conversation

"Hi - I'm from your local health information exchange. You may know that over 20% of lab and radiology tests ordered in our state are redundant and unnecessary. We're solving that problem through interoperability and we need you to invest $300,000 in capital plus $100,000 per year to connect to our state wide exchange. When it's all working, we'll eliminate all the redundancy, reducing your lab and radiology income by 20%. "

Interoperability is great for patients, a benefit to society, but can create a loss of income for some stakeholders. How do we sell it?

1. Health Reform - if healthcare reform aligns incentives for wellness and care coordination, stakeholders will be incentivized to share data. For example, if medical error is no longer reimbursed and hospital readmissions become a cost rather than a profit center, care summaries are likely to be shared among providers and data sharing between patients and providers will be used for home monitoring and keeping patients out of the hospital.

2. Meaningful Use Metrics/Pay for Performance

The HIT Policy Committee has proposed 29 metrics for 2011 - 17 measures of quality and 12 measures of meaningful use. Although the definition of meaningful use will not be published until next month, It is likely that clinical summary data exchange between organizations, e-prescribing, electronic laboratory workflow, quality measurement, and public health will be included. Thus, for organizations to claim their stimulus funds, they must be interoperable. Exchanging data between facilities within an organization does not count, per Dr. Blumenthal's recent newsletter. Many private insurers also ofter pay for performance incentives for reduced readmission rates, appropriate testing, and medication management. The combination of stimulus funds, Medicare Part D funds, and private insurer pay for performance should provide a reasonable incentives.

3. Peer pressure

I've seen several types of interoperability "peer pressure" in our communities. Primary Care physicians would rather work with specialists who can exchange clinical data, ensuring a closed loop referral workflow. Specialists who are not interoperable are likely to experience a decline in business. Among hospitals, our local CEOs have decided that healthcare IT should not be be considered a competitive asset for any one organization, it should raise the bar for all organizations to improve the health of the population. Thus, each CEO had decided to eliminate silos and share clinical summaries at transitions of care, even if this means exchanging data between competitive organizations.

4. Cost avoidance

The NEHEN network has eliminated paper for 90% of the administration transactions in Massachusetts, taking the cost of claims submission from $2.50 to .25 . We've been able to make the ROI/business case for funding interoperability operations based on cost avoidance. Clinical data exchange also has cost avoidance. ePrescribing eliminates the need for staff to process refills and reduces calls/pages to clarify prescriptions. Malpractice assertions are less likely when care is coordinated among patients and provides. Disease management programs administered by payers and case management activities are more efficient when data is shared electronically.

5. Increased business

Providing interoperable connections in and out of an organization should make that organization a more attractive business partner for clinical collaboration, clinical research, and diagnostic services. I recently was asked to enable data sharing between BIDMC and a business partner. I was told that interoperability was a significant value add to the relationship.

Thus, although there may be a short term misalignment of incentives caused by reducing redundancy and waste, the are many reasons to implementation interoperability for the long term. With new regulations and healthcare reform on the horizon, I'm hoping it becomes a business imperative!

Friday, November 20, 2009

Cool Technology of the Week

We've all used Google products - Search, Gmail, Blogger, You Tube, Docs, and Analytics. Along the way, we've provided information about ourselves - our preferences, our searches, and our customizations.

Google has created a dashboard that serves as a "disclosure log" of everything they know about each user.

To access it, go to Google Dashboard

It's fascinating to see the accumulated data. Google does have strong policies to provide the Google Personal Health Record (Google Health). Any information related to that product is not mined, resold, distributed or used for advertising in any way.

With the Dashboard, I can better understand the data Google gathers about me and be a better informed user.

A dashboard that consolidates all information about my use of Google products - that's cool.

Thursday, November 19, 2009

The November HIT Standards Committee Meeting

The two major agenda items of the November HIT Standards Committee were the lessons learned from the Implementation Workgroup activities and security testimony from multiple industry experts in four panels - Stability/Reliability, Cybersecurity, Data Theft/Loss/Misuse, and Building Trust.

We began the day with an overview of the 10 major themes from the Implementation Workgroup testimony. We discussed the ways in which these themes could inform our future work in the upcoming months as we review comments on the interim final rule, consider incremental improvements to the standards supporting meaningful use in 2013/2015, and we consider tools/technologies/education to enhance adoption.

Specific action items include:

*Work hard on vocabularies and try to get them open sourced for the entire community of stakeholders.

*Consider adding a simple REST-based transport method for point to point exchanges between organizations. We already have recommended SOAP (as constrained by HITSP Service Collaborations) and REST as approaches to transport. At present there is no specific guidance as to how REST shoud be used from a policy or technology standpoint.

*Work jointly with the HIT Policy Committee to establish a privacy framework that enables us to constrain the number of security standards.

*As we continue our work, try to use the simplest, fewest standards to meet the need.

*Continue to gather feedback on the 2011 exchanges (ePrescribing, Lab, Quality, Administrative) to determine if there are opportunities to enhance testing platforms and implementation guidance that will accelerate adoption.

Interestingly, several people approached me at the meeting to discuss rumors that the HIT Standards Committee would significantly change the existing 2011 recommendations based on the Implementation Workgroup activities. The purpose of the Implementation Workgroup was to gather feedback, create a set of guiding principles, and ensure we have the best process going forward to ensure the most appropriate standards are chosen. The Implementation Workgroup activities including the blogs, the testimony and hours of discussion have raised awareness of all committee members that will support our future decision making, not revision of the work of the past.

The security testimony was extremely valuable. Here are some of the "Gold Star" ideas

* Many existing clinical products do not provide the functionality needed to support security best practices
* Systems with FDA 501k certifications are often managed by vendors and lack updated operating systems and anti-virus software
* The least important systems are often those which are compromised and provide hackers access to more important systems.

*Security is journey and many healthcare organizations are not well resourced to implement security best practices.
*Security awareness among providers is low.
*We should focus on "Evidence-based security policies and practices". Per the testimony, some dogma in security is not supported by evidence i.e.
- Passwords longer than about 5 characters do not reduce risk in any meaningful way
- Encryption of data at rest in databases and other large systems in data centers typically provide little additional security protection

Data Theft/Loss/Misuse
*Portable devices/Wireless are a major vulnerability
*Audit logs from vendor systems may be insufficient to detect misuse of data
*Role-based security is important. Roles vary in institutions, so it will be challenging to create a one size fits all standard.

Building Trust
*Security should be layered to create an in depth defense
*Data integrity is important to protect patient safety (ensure the record is accurate)
*We need baseline policies and standards for Authorization, Authentication (including identity proofing), Access Control, Audit
A great meeting. I look forward to our next steps - reviewing the interim final rule in mid December based on all the testimony and learning we've had to date.

Wednesday, November 18, 2009

Guiding Principles for the HIT Standards Committee

In the past few weeks, the HIT Standards Committee has gathered a significant amount of written and in person testimony from standards stakeholders. We've run the FACA blog and multiple personal blogs.

On Thursday November 19, we'll present a complete distillation of everything we've learned but there are several recurring themes can could be called Guiding Principles. Just as HITSP was guided by Harmonization Readiness principles to choose standards that were good enough, the HIT Standards Committee has a been told to think about the following whenever it recommends standards:

• Keep it simple; think big, but start small; recommend standards as minimal as possible to support the business goal and then build as you go

• Don’t let “perfect” be the enemy of “good enough”; go for the 80% that everyone can agree on; get everyone to send the basics (medications, problem list, allergies, labs) before focusing on the more obscure

• Keep the implementation cost as low as possible; eliminate any royalties or other expenses associated with the use of standards

• Design for the little guy so that all participants can adopt the standard and not just the best resourced

• Do not try to create a one size fits all standard, it will be too heavy for the simple use cases
• Separate content standards from transmission standards; i.e., if CCD is the html, what is the https?

• Create publicly available controlled vocabularies & code sets that are easily accessible / downloadable
• Leverage the web for transport whenever possible to decrease complexity & the implementers’ learning curve (“health internet”)

• Position quality measures so that they will encourage adoption of standards
• Create Implementation Guides that are human readable, have working examples, and include testing tools

We'll refine this during our meeting on Thursday and the end result should be a polished list of guidance for all our future work.

Tuesday, November 17, 2009

An Open Access Scheduling Model for Management

Wouldn't it be great if we could solve today's problems today?

Every day I receive over 1000 emails. A small number of those emails are complex problems that require multi-stakeholder coordination. Although I can try to solve such problems via email, my rule is that if more than 3 rounds of emails go back and forth about an issue, it's time to pick up the phone or have a meeting.

However, scheduling a meeting among senior managers in a large organization can take a month. By that time, the issue has either become a much larger problem or the opportunity to rapidly move forward has been lost. So much for nimble decisionmaking.

How can we improve this situation?

I suggest we learn from the Open Access Scheduling model used in primary care.

Patients who are sick today do not want an appointment in three weeks - they need to be seen today.

In the past, clinicians noted they were so busy that their calendars were backlogged weeks to months.

But wait - if you see 15 patients a per day, a backlogged calendar does not imply you are seeing more patients. Why not work through the backlog and then leave 50% of the calendar open each day for the patients who are sick each day - solve today's problems today.

The same thing can be applied to our administrative lives. Each day there are challenges created by customers, employees, and the external world. If we left 50% of our calendars open each day for solving today's problems today, we would reduce stress, enhance communication, and improve efficiency. We could even develop metrics for senior executives which measure "time to problem resolution" as a means to drive incentive compensation.

Today, we pay doctors for quantity of care delivered instead of quality. Healthcare reform is intended to change that. Administratively, we should be paid for the problems we solve, the chaos we eliminate, and the processes we improve.

Open Access Scheduling for Management - In December, I'll give it a try and report back how it works.

Saturday, November 14, 2009


When my daughter was growing up, she watched a program called CatDog about the seamless integration of the two animals. "Their" life required constant communication and mutual understanding of the underlying cat and dog cultures.

During the work of the last 4 years, the "healthcare informatics crowd" has been labeled the cats and "internet/health 2.0 crowd" has been labeled the dogs.

At times, I've even been called the leader of the cats.

On Friday November 13, during an HIT Standards Committee Implementation Workgroup call, we reviewed the FACA blog and related postings on the blogs of Sean Nolan, Wes Rishel, Adam Bosworth. One of the participants commented that David Kibbe and I wrote blogs that converged on the same ideas. This is an achievement worth reflection.

Harmonization is the decision by consensus of a path forward that is good enough for everyone.

Compromise is the acceptance by everyone of a path forward that leaves everyone equally unhappy. If often occurs when two stakeholder groups become fatigued enough to put their differences aside.

In my blog this week, I suggested we change "No, because" to "Yes, if" and define the right tool for the job, recognizing the roles of CCD/CDA and CCR/PDF. David Kibbe did the same on the FACA blog.

Also, on the FACA blog, a posting called this right tool for the right job approach "a mistake". The comment received 48 supporting votes and 45 opposing votes - a nearly perfect balance between two points of view.

I think this means we got to 90% of the answer through harmonization and the last 10% through compromise. At the November 19 HIT Standards Committee meeting, we'll discuss all the lessons we learned in the Implementation Workgroup that led us to develop guiding principles such as embracing the simplest standards needed for the specific business need. Yes, there is a role for CCD/CDA and CCR/PDF.

David - welcome to CatDog. We'll have a great life together.

Friday, November 13, 2009

Cool Technology of the Week

Recently, Harvard Medical School implemented a secure password reset architecture that is my cool technology of the week.

Forgotten password processes typically work by asking the user to answer a secret question. However, the answers to such questions may be weak or may be findable on social networking sites, which often disclose detailed personal information (favorite vacation spot, favorite food, favorite car etc.)

We elected to use a two factor approach - something that you have and something that you know. Since more the 90% of Harvard faculty, staff, and students have mobile devices, we elected to send a PIN code for password resetting to their cell phones.

The technology is very simple. Each telephone carrier has a way to transfer an email message to a text message via a normal convention such as ( We send a random code via email(translated to SMS via carrier) to the user's device which is validated when the user enters the code into our site. The codes are time sensitive, which reduces the possibility of compromising a code.

All password resets at Harvard Medical School now require this approach. We implemented it for 22,000 users and have thus far received a dozen calls to the help desk. Here's the email I sent to the community about it.

"To the HMS Community:

To comply with new Massachusetts data protection regulations, which take effect on March 1, 2010, we must make several changes to our policies and technologies. The new regulations require all HMS mobile devices be encrypted; govern how employees are allowed to keep, access and transport records containing personal information outside of business premises; require that an institution knows where every computing system -- including laptops and portable devices -- containing personal information is located; and require reasonable monitoring of systems for unauthorized use/access to personal information. You can read more about the new regulations on my blog.

To ensure the integrity of all personal data, we will be begin making some of the changes now. Effective today, password resetting at HMS includes an optional feature called SafeCode, which we have piloted over the past year. Whenever a password reset is requested, a code to complete the reset will be sent to your cell phone to protect your account.

Over the next month, we'll complete an evaluation of products that will help ensure the safety of laptops and other mobile devices. We'll keep you informed of software applications and services that will be available to the HMS community to ensure compliance with the new regulations.

If you have questions about any aspect of these regulations, please see the Harvard Enterprise Information Security Policy or contact the Help Desk. Thank you for your support of our efforts to further protect the privacy of personal information.


John D. Halamka, MD
Chief Information Officer
Harvard Medical School"

Thursday, November 12, 2009

The China Study

As readers of my blog know I'm a vegan, a locovore, and grow my own vegetables organically. I avoid caffeine and exercise by climbing, cycling, hiking, kayaking, and skiing.

As a vegan, I cannot get B12 from vegetables, so I take a B supplement.

Living in the Northeast, wearing sunscreen while outdoors, and working indoors during the week, I do not produce all the Vitamin D my body needs. Of course, this is just an artifact of a modern office-bound existence. I take Vitamin D each day. Vitamin D toxicity can be problem, since it is a fat soluble vitamin retained in the body (along with Vitamin A,E and K), so more is not better. Take the amount recommended by your doctor.

There are many books about healthy living, but the one book that incorporates all the elements that I have found to work for me is The China Study by T. Colin Campbell. The book examines the relationship between food and health, incorporating data about cancer rates, heart disease, diabetes and their prevalence among different societies with different diets. The data is compelling - an all vegetable, high fiber diet markedly reduces and reverses the lifestyle diseases which afflict our affluent industrial society.

I highly recommend the book, as well as the work of Michael Pollan.

You'll discover that the food industry is not our friend - highly processed, high calorie foods, rich in high fructose corn syrup are killing us, but making profits for the agribusiness, the meat industry, and food packaging conglomerates. The food industry lobby is one of the strongest in Washington, making the status quo very challenging to change.

Healthcare reform starts at home - read The China Study and decide for your self.

Try an organic, locally grown, all vegetable diet with minimal Vitamin B12 and Vitamin D supplements and no caffeine. Your body will thank you for it. I realize that such a diet is not possible in some urban locations where food choices may be limited to convenience stores. I know that fresh vegetables may be more expensive per calorie and thus unaffordable.

My hope is that by putting more government resources into diet education and support for the right foods, we'll be able to eat our way back to health, a better economy, and higher quality lives.

Wednesday, November 11, 2009

The Magic of Middleware

As I mentioned in my blog about Certification verses Meaningful Use, there will be 9 data exchanges required in 2011

Sending reminders to patients
Checking insurance eligibility
Submitting claims
Providing patients with an electronic copy of their record
Providing patients electronic access to their records
Capability to exchange key clinical information (e.g., problem list, medication list, allergies, test results) among care providers and patient authorized entities
Capability to submit data to immunization registries
Capability to provide syndromic surveillance data to public health agencies

It's unlikely that clinician offices and hospitals will rip and replace existing systems. It will take several years for vendors to create upgraded software versions which support all these exchanges and for organizations to deploy them. That means that in the interim, it's likely that we'll need middleware at the border of organizations which translates legacy standards and proprietary vocabularies into the data exchange standards which will be required by the December interim final rule.

Over the past few months, I'm met with many middleware companies. Here are the ones to watch:

Emdeon - provides clearinghouse services and analytics. Although it typically has focused on X12 administrative transactions, its infrastructure could easily be leveraged to transport clinical content

Surescripts - provides the eRx transactions among payers, providers, and pharmacies. Although this infrastructure transports chiefly NCPDP content, it could easily be leveraged to transport other types of clinical content

Intersystems - provides an integration engine for communication within and between enterprises

Edifecs - provides data transport and data mining/business intelligence services on transported data

Orion Healthcare - provides software which maps various standards from one to another and provides transport

Health Language Inc. - provides vocabulary translation services

Intelligent Medical Objects - provides vocabulary translation services and tools which enable clinicians to translate free text into controlled vocabularies.

Visionshare - provides transport of data to Medicare (CMS) using the internet and not a proprietary network. You can imagine a company like Visionshare providing a secure front end from clinician offices to the Nationwide Health Information Network.

Covisint - originally provided supply chain integration for the auto industry, but is now expanding into healthcare transactions such as automated clinician credential verification for the AMA.

Although at some future point, EHR software vendors will include standard content/vocabulary interfaces and the NHIN (aka "the Healthcare Internet) will provide secure transport, these middleware companies will help us with the glide path from the present to the future. I'm confident there will be disruptive innovation in the middleware market, including the notion of using PHRs such as Microsoft Healthvault and Google Health as hubs to collect patient data and exchange it as the patient wishes.

It's hard to predict the future, but if HIPAA administrative simplification provides us with lessons learned about adoption and implementation, middleware vendors will be very important in the years ahead.

Tuesday, November 10, 2009

The Genius of the AND

Recently in Washington, an important political figure asked me why I had the reputation of resisting change.

Since I've spent my life catalyzing change and embracing the latest technology, I found this a very strange statement.

I have no idea how history will record my life and work, but I think the answer is - it depends who you ask.

Wes Rishel wrote a great blog today that reduces the debate about standards and interoperability into two points of view - “the healthcare informatics crowd" and "the Internet crowd".

I've spent the past 4 years facilitating standards harmonization in HITSP, bringing together 800 organizations to discuss the parsimonious number of standards needed to facilitate the data exchanges which will support meaningful use.

From the point of view of the healthcare informatics crowd, the harmonization of disparate approaches into CDA/CCD with XDS.b, XDR, XCA and XDM represents significant simplification and convergence of the major stakeholders in healthcare IT.

From the point of view of the Internet crowd, it represents a set of complex content and security constructs that puts the SDOs in the HTTP business.

The work I've done for the past 4 years aimed at unifying the industry on a web services approach, embracing web-centric standards such as SOAP, XML, and HTTPS. In 2006-2007, this was considered very forward looking. In 2009, RESTful data exchange of simple payloads with TLS and application level security is considered cutting edge.

Thus, my challenge as a leader is to bring together both the healthcare informatics crowd and the internet crowd, without having to take sides and choose either/or.

The answer to me is that we need to embrace both approaches - the right tool for the right job depending on what you want to achieve.

For provider to provider communication which requires the exchange of documents with non-repudiation as the medico-legal record for direct clinical care, the CDA/CCD has great metadata and the ability to support structured data as well as free text discharge summaries/operative notes/history&physicals.

For a summary record that represents a snapshot in time of problems, medications, and labs for transmission between EHRs and PHRs, the CCR and other formats such as Google's CCRg or PDF can do the job.

On the FACA blog today, Marc Overhage wrote about good enough standards for a particular purpose.

This blog posting is likely to generate debates from both the healthcare informatics crowd and the Internet crowd.

Certainly, I believe that a single standard with templates or subsets for a particular purpose would reduce costs and ease the vendor burden of having to support multiple standards, but the trick to accomplishing this is to ensure that the standard be simple enough to be easily implementable for "the little guy", the iPhone, and the use cases of EHR to PHR exchange where the goal is to provide basic summaries to patients. As I said in my blog last week, I'm convinced that the SDOs will continue to refine their content standards such as CDA and CCD to clean up the XML (get rid of moodCode) and provide templates to support a range of applications, both complex and simple (hide the OIDs so that most implementers do not need to deal with them).

Until then, we need a glide path that embraces the healthcare informatics crowd and the internet crowd, respecting the hard work and best thinking of both.

My proposal, as a private citizen and not in any of my committee roles is that we take the advice of Jim Collins in Built to Last in which he describes the "the tyranny of the OR verses the genius of the AND"

For provider to provider communication which requires the exchange of documents with non-repudiation as the medico-legal record for direct clinical care, we use the CDA/CCD.

For a summary record that represents a snapshot in time of problems, medications, and labs for transmission between EHRs and PHRs such as would be used by Microsoft, Google or Keas, the CCR or PDF is good enough.

We separate content and transport, recognizing that some organizations will use XDS.b and XDR for SOAP-based transport, while others will use RESTful approaches, enforcing privacy policy with security features at the application level.

As standards evolve we can revisit this with the aim of convergence as long as further parsimony does not impede innovation.

It is my hope, that by embracing the right tool for the right purpose, we can balance standardization, ease of implementation, and innovation.

The genius of the AND - I hope that both the healthcare informatics crowd and the Internet crowd can embrace this path forward.

Monday, November 9, 2009

Certification Verses Meaningful Use

Recently, clinicians have asked me "why should I implement my organization's preferred EHR when I've found a less expensive vendor that promises meaningful use?"

This illustrates a basic misunderstanding of the difference between Certification and Meaningful Use.

The certification process will be codified in a December 2009 Notice of Proposed Rulekmaking (NPRM) and will define the process for certifying electronic health records including modular and open source approaches. (The Standards for data exchange will be codified in a December 2009 Interim Final Rule and become law immediately.) We know that ONC will specify certification criteria and that NIST will oversee certification conformance testing which will be performed by multiple organizations. However, we will not have the final certification criteria or the defined process until Spring after a period of comment on the NPRM.

Meaningful Use is about electronic documentation to enhance quality/efficiency and actual data exchange among payers, providers and patients. The definition of meaningful use will be codified in a December 2009 Notice of Proposed Rulemaking. We will not have the final meaningful use criteria until Spring after a period of comment on the NPRM.

Thus, it is too early for any software company to declare their product will meet all Certification criteria. In the interim, a vendor can claim product conformance with the latest CCHIT criteria, which is the best indicator of functionality we have at the moment.

Meaningful Use is not about products but about processes - how the software is used and how data flows in an ecosystem of stakeholders. Vendors should not be making claims about meaningful use.

Take a look at the data exchanges in the August 2009 recommendations for meaningful use:

Sending reminders to patients
Checking insurance eligibility
Submitting claims
Providing patients with an electronic copy of their record
Providing patients electronic access to their records
Capability to exchange key clinical information (e.g., problem list, medication list, allergies, test results) among care providers and patient authorized entities
Capability to submit data to immunization registries
Capability to provide syndromic surveillance data to public health agencies

To achieve these 9 data exchanges, multiple sending and receiving parties need to participate.

In the case of Beth Israel Deaconess, achieving this level of interoperability by 2011 will require that we focus on a small number of software vendors. Over time, as standards and implementation guides become more specific and widely implemented, it will be easier to add additional vendors. However for now, we are focusing on getting the work done with our home built EHR and one purchased EHR (eClinicalWorks). Given scope, time, and resources, there is no way we can implement all 9 data exchanges among payers, providers and patients with another purchased EHR in time for Stimulus funding.

Thus, as you make decisions about what EHR to use, remember that certification describes the features of a product. Meaningful use describes actual data capture and exchange among multiple stakeholders in an entire healthcare ecosystem.

Products may be certified in a single clinician office, but meaningful use "takes a village". It cannot be promised by a vendor.

Friday, November 6, 2009

Cool Technology of the Week

On November 4, I met with my director of IS at Needham hospital and we discussed the effort involved in creating a lab ordering/resulting dictionary that links together clinician offices, Meditech sites, and commercial labs. Imagine a spreadsheet with 3 columns of lab codes that is 12000 lines long!

Clem McDonald, who oversees the Lister Hill National Center for Biomedical Communications at NLM and is the developer of Logical Observation Identifiers, Names, Codes (LOINC). Using data from several sources, including the Indiana HIE, United Healthcare and a few other sources, Clem and his team were able to identify a set of about 300 LOINC order codes that cover about 98 - 99% of the most common laboratory orders.

On November 2, several members of the HITSP Care Management and Health Records TC met at the National Library of Medicine to discuss the development of a value set for creating an common interoperable set of laboratory order codes. Present at this meeting was an unprecedented collaboration of people representing healthcare providers, laboratory vendors, HIT Vendors, HIE developers and payers.

You'll find the details in Keith Boone's blog.

When I described the notion of a single lab compendium for the country, eliminating the need for custom mappings at every institution and clinician's office, my Director of IS agreed - that's cool!

Let's hope we can get rapid adoption of a universal lab ordering compendium in labs, hospitals, and clinician offices. Time and money will be saved, quality and safety will improve.

Thursday, November 5, 2009

The H1N1 and Seasonal Flu Vaccines

On Monday, I received the 2009 Live Attenuated Intranasal (LAIV) H1N1 vaccine and the 2009 injectable seasonal flu vaccine.

As a healthy clinician under 50 who sees pediatric patients (mushroom and plant toxicology cases), I'm in the initial tier who qualify to receive the intranasal H1N1 live attenuated vaccine.

The experience of intranasal administration is interesting - inhaling an aerosolized liquid that slowly drips from your nasopharynx down your throat is not the most pleasant sensation. I suspect that pediatric patients will prefer the intranasal approach to an injection.

For 12 hours after receiving the vaccine, I experienced slight nasal congestion and mild fatigue. The complete fact sheet about risks and side effects is given to every patient.

During the same visit I received the 2009 Seasonal flu injection, an inactivated (killed virus) vaccine. Other than mild soreness at the injection site, I had no symptoms.

For me, the vaccines were a positive experience and will ensure that I am not a viral vector (call it personal anti-virus software) in the season ahead.

Since vaccine supplies are limited, it is important to understand the epidemiology of H1N1 (rates of reported cases per 100,000 population)

0 to 4 years — 22.9
5 to 24 years — 26.7
25 to 49 years — 6.97
50 to 64 years — 3.9
≥65 years — 1.3

You'll find a great UptoDate summary online.

Also, Harvard Health Publications has launched an iPhone App to provided the latest information about H1N1.

Wednesday, November 4, 2009

Standards Lessons from the Web

Following last week's HIT Standards Committee Implementation Workgroup Hearing , Microsoft's Sean Nolan and Gartner's Wes Rishel wrote thoughtful blogs.

They point out that the web has two basic standards - content (HTML) and transport (HTTP). Of course there are several other supporting standards such as DNS, TLS/SSL, URL syntax, CSS, etc. but to get started all you need is basic content and transport. You can learn everything you need to know to create a web page in under an hour.

At the hearings, I got that sense that much of the content we've (HITSP, HIT Standards Committee, the industry in general) proposed for healthcare such as NCPDP Script for eRx, HL7 2.x for lab, and X12 for administrative transactions is fine. There is some debate about the right level of simplification for a clinical summary standard, but I'm convinced that the SDOs will continue to refine clinical summaries in a way that ensures suitable content packages will be available for simple and complex use cases. There is additional vocabulary work to do, but that is already is in progress.

On the transport side, let's explore the options:

1. Do nothing and let the market develop a transport mechanism - after all that is what happened with HIPAA (it specified the content as X12 4010 and left implementation of transport up to the market)

I do not favor this option. In Massachusetts, NEHEN implemented secure appliances to solve the problem of data transport. We spent millions and took years to do this. HIPAA transactions are not as widely implemented as the industry would like, largely because transport standards were missing and implementation guidance for the content was not detailed enough. Of course, you could force everyone to sign up for the clearinghouse/intermediary of their choice but this creates heterogeneity, click fees, and unnecessary middlemen.

2. Specify all the standards and policies necessary for end to end secure transport.

Thus far, we've stayed architecturally neutral and provided a suite of standards for transport that ensure authentication, authorization, role-based access control, and auditing to support all policy variations. This approach has been a fine starting point, but it needs to be refined via policy so the number of standards can be constrained. For example, a policy which states that audit trails must be available showing who looked at what when is probably sufficient instead of requiring every organization to implement a standards-based audit trail. It's unclear what the business case is for a completely standardized, interoperable audit trail. Another example - If policy requires segmentation of the record into standard care, HIV care, mental health care, and substance abuse care, as well as requires that the application enables patients to record their preferences for release of these 4 segments, do we need access control standards or accept that the application adequately protects privacy?

If policies and certification ensure appropriate application behavior then point to point transport might be as simple as TLS with bilateral certificate exchange at the infrastructure level, substantially reducing the burden of implementation.

Of course, some may argue that an approach that uses simple web standards for securing transmission and leaves other privacy controls to the application cannot ensure "chain of trust" end to end security. It is true that each organization and stakeholder would have to decide if they trust the applications used by their trading partners. Our experience with NEHEN is that policy, data use and reciprocal support agreements (DURSA), and simple transport standards can facilitate rapid implementation of healthcare information exchange.

3. Deploy appliances that serve as secure gateways between organizations.

With policies and over the wire security standards, the market can develop appliances that securely transport packages of content. Some may be SOAP-based using CAQH Core or XDS/XDR and some may be REST-based. The folks at FHA Connect have done a great job creating an open source application that can serve as such an appliance.

One thing I've learned from negotiation (my Walks in the Woods) is that being dogmatic about one solution is rarely the right answer. Folks who know me often hear the word "parsimonious" - the smallest number of solutions needed to meet the needs of stakeholders. The answer is not 100 variations but a small number that provides business value - the right tool for the right job. From the work I've seen thus far, I think the transport solutions that will work for stakeholders include:

1. For those who want end to end standards controlled secure transport that guarantees integrity of documents - XDS, XDR, XDM and XCA fulfill the need. These standards are SOAP-based and enable use of WS* security controls, so they are useful for protecting privacy at the standards level.

2. For those who want standards-based security with simple implementation, an appliance such as FHA Connect, NEHEN, Intersystems' Ensemble, or Orion Health's Rhapsody is a very reasonable approach.

3. For those who want a secure channel for transporting data elements such as a problem lists, medication lists, and labs from EHR to PHR, a simple TLS and REST approach is good enough. Ideally, HITSP and the HIT Standards Committee workgroups will provide an implementation guide with standard URIs/querystrings so that we'll not have huge variation in REST APIs. Some have used the term "Healthcare Internet" to describe such an approach.

I look forward to the work of the next several months. I'm confident that HITSP, the HIT Standards Committee Workgroups, and the new HIT Policy Committee NHIN Workgroup will evaluate the options and make recommendations.

Tuesday, November 3, 2009

The FY10 BIDMC IS Operating Plan

I've previously posted the Draft Clinical Systems Operating Plan for BIDMC Information Systems.

Today, I've posted the entire FY10 BIDMC IS Operating plan for infrastructure, clinical systems, financial systems, HIM, knowledge services, media services, academic computing, and our community sites.

Highlights include:

Numerous infrastructure upgrades to networking, storage, and security

Meaningful Use of EHRs for inpatient and outpatient clinical care

Upgraded supply chain, revenue cycle, and payroll functionality to support enhanced workflow and efficiency

Continued migration from a hybrid paper/electronic record to fully electronic

Enhancement to consent management education, plain language educational resources, and on- line knowledgebases

Expanded telemedicine and collaboration tools

Advanced research administration support tools.

Meditech upgrades including CPOE, eMAR, and interfaces.

The task of building better applications and more reliable infrastructure is never done, but each year we get better and better. Setting priorities that balance available resources, quality and safety is the challenge. I hope our customers and employees agree that we've set a reasonable balance.

Monday, November 2, 2009

Next Steps for our Community Quality Registry

I've previously described the Beth Israel Deaconess Physician Organization's (BIDPO) decision to create a community registry for quality data warehousing in support of meaningful use.

As the project has progressed, we've made several decisions that I'd like to share.

What quality indicators will we store?

We've inventoried all the pay for performance reporting requirements of our local payers and crosswalked it with the 17 quality metrics required for meaningful use, as documented on the new HHS Blog.

In summary, the measures will include treatment process and outcomes data for:

Acute Bronchitis
Adverse drug events
Cancer Screening
Cardiovascular Conditions
Lead Screening
Medical Home
Reproductive Health
Substance Abuse
Surgery Patients
Vital Signs

You'll find the details in this presentation.

Other decisions we've made include:

1. All our data content transfers from eClinicalWorks and our home built EHR will be done using the HITSP C32 implementation guide of CCD.

2. Transport will be done using the HITSP Service Collaboration 112, specifically using TLS with certificate exchange. We will use the NEHEN network (diagramed above) for routing from our EHR hosting site to the quality data center.

3. To protect confidentiality we will pseudonymise the data, separating identifiers from the data itself. BIDPO will be able to re-identify data for queries such as assembling quality measures from different data sources, but a breach of the registry itself will not release any patient identified information.

This project will enable us to implement and refine many of the standards recommended by HITSP and the HIT Standards Committee. I will continue to report experiences from our implementation efforts which I hope will be used to enhance the standards implementation guides.